Be part of a dynamic winning team and grow your career with opportunities to expand your Cyber Security expertise supporting our Military.
The Cyber Security Analyst will provide cybersecurity engineering, systems architecture, and certification and accreditation (C&A) support to the Army CSR Enterprise Audit Program. Support will include, but is not limited to, the following:
- Actively work to improve the security posture of the organization through the proper implementation and effectiveness of technical security controls.
- Support the Army Community Shared Resources (CSR) Enterprise Audit program (ACEAP) with the definition and implementation of an overall C&A strategy, and produce a resulting cybersecurity policy outlining said strategy for Government review and approval.
- Provide security control guidance and recommendations, to include those requirements found in ICS 500-27, NIST 800-53, Director of Central Intelligence Directives (DCID) 6/3, DoD Information Assurance Certification and Accreditation Process, DoD Instruction (DoDI) 8510.01 RMF, 500 Intelligence Community Directives (ICDs) to include applicable overlays, Continuity of Operations Planning, Security Technical Implementation Guide and Assured Compliance Assessment Solution (ACAS) scan results.
- Support continual assessment of risks to a full Authority to Operate (ATO) determination.
- Conduct hands-on evaluations of technical configurations on diverse technologies such as network devices, operating systems, and platforms supporting virtualization, database, web and applications in the environment, and prepare briefings on those technologies to support improving the security posture of the organization.
- Create and maintain extensive C&A Body of Evidence (BOE) documentation to include enterprise System Security Authorization Agreement, plan of action and milestones, and waiver and exception documentation, while ensuring the technical accuracy of all specified BOEs.
- Evaluate and maintain firewall access control lists and create accurate Ports, Protocols and Service Management documentation on all three enterprise networks; the contractor shall monitor and review the C&A process for the customer's standalone and Closed Restricted Network (CRN) systems.
- Create and document internal application and code review procedures, such as the Product Description Documentation (PDD) process and the initiation of Certificate of Networthiness (CON) packages to United States Army Network Enterprise Technology Command to be reviewed/approved by the Government.
Required Education and Clearance
- Minimum 6 years professional experience supporting technology delivery to commercial or government clients
- Minimum 4 years professional experience in achieving cybersecurity certification and accreditation
- Expertise in managing information-related risks within enterprise architectures, including in development environments
- Experience with the Risk Management Framework (RMF) and DIACAP required
- Experience with AuditXML required
- Familiarity with bi-directional audit conversion and experience with HBSS required
- Experience with Innerview, ArcSight, and Poirot preferred
- Active security-related certification (i.e., CISSP, CAP, or Security+)
- Proven ability to participate in the analysis of IT and business issues
- Strong written and verbal communication skills are a must
- B.S. in an information systems-related major. CISSP certification is preferred
MUST HAVE AN ACTIVE TOP SECRET CLEARANCE. SCI ELIGIBILITY REQUIRED